Privacy Policy

1. Data Controller

Ilias Ammour
Altes Gericht 22
35398 Giessen
Germany
Email: info@jpnthings.com

2. Overview of Processing

This privacy policy explains the type, scope, and purpose of the processing of personal data within our online offering (jpnthings.com) and the associated websites, features, and content.

3. Data Collected

We collect the following personal data:

• Upon registration / login: Name, email address, profile picture (optional), authentication tokens.
• Via Single Sign-On (Google Login): Basic profile data transmitted by Google (name, email address, profile picture).
• For contact inquiries: Name, email address, message content.
• For newsletter subscription: Email address.
• Automatically collected data: IP address, browser type and version, operating system, time of access, referrer URL.

4. Legal Basis

The processing of personal data is based on the following legal bases (GDPR):

• Art. 6 (1) (a) – Consent (e.g., newsletter subscription, optional profile details).
• Art. 6 (1) (b) – Performance of a contract & pre-contractual measures (e.g., providing network features, account creation).
• Art. 6 (1) (f) – Legitimate interest (e.g., website security, essential cookies, spam prevention).

5. Cookies

We strictly use essential cookies only:

• Supabase Auth Cookies – for authentication and session management (login status).
• NEXT_LOCALE – to store your preferred language setting.

These cookies are absolutely necessary for the secure operation of the website and do not require prior consent. We do not use tracking, analytics, or marketing cookies.

6. Hosting

This website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. When you visit our website, server log files (including IP address) are automatically collected to ensure the security and stability of the website. Legal basis: Art. 6 (1) (f) GDPR.

7. Authentication & Database (Supabase & Google)

We use Supabase Inc. (Server location: Region eu-central-1 / Frankfurt) for user authentication and database management. Supabase processes email addresses, passwords (encrypted), and session tokens. Legal basis: Art. 6 (1) (b) GDPR.

Login with Google: We offer the option to log in via Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). If you choose this option, you will be redirected to Google. After a successful login, Google transmits your email address and name to us to create your account. Legal basis: Art. 6 (1) (b) GDPR.

8. Transactional Emails and Newsletter (Resend)

We use Resend Inc., USA, to send transactional system emails (e.g., registration confirmations, password resets) and for contact inquiries. Email addresses and message content are transmitted to Resend. Legal basis: Art. 6 (1) (b) GDPR.

Newsletter: If you sign up for our newsletter, we store your email address. The sending is based on your explicit consent (Art. 6 (1) (a) GDPR). You can unsubscribe at any time (withdrawal of consent).

9. Data Transfer to Third Countries (USA)

Some of our service providers (Vercel, Supabase, Resend) are based in the USA. Data transfer is based on the adequacy decision of the EU Commission (EU-US Data Privacy Framework) for certified companies, as well as on EU Standard Contractual Clauses to guarantee a level of data protection equivalent to the GDPR.

10. Data Storage and Deletion

We only store data for as long as is necessary for the respective processing purposes:

• Account data: Until the account is deleted by the user.
• Newsletter data: Until you withdraw your consent (unsubscribe).
• Contact inquiries: 12 months after the communication is concluded.
• Server logs: Usually a maximum of 30 days.

11. SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, this site uses SSL or TLS encryption (recognizable by the lock symbol in the browser address bar).

12. Your Rights as a Data Subject

You have the following rights under the GDPR:

• Right of Access (Art. 15 GDPR)
• Right to Rectification (Art. 16 GDPR)
• Right to Erasure (Art. 17 GDPR)
• Right to Restriction of Processing (Art. 18 GDPR)
• Right to Data Portability (Art. 20 GDPR)
• Right to Object (Art. 21 GDPR)
• Right to Withdraw Consent (Art. 7 (3) GDPR): You can withdraw your consent at any time with effect for the future.

To exercise your rights, please contact us at: info@jpnthings.com

13. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is the Hessian Commissioner for Data Protection and Freedom of Information.